Help! Sick computer, continuous reboot.


  • This topic is locked
28 replies to this topic

#1 Pavo Real

Pavo Real

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:27 AM

Posted 21 January 2011 - 12:18 PM

Hi All,

I need some help. I think I am infected and I don't know what to do. I was trying to install some software that a friend gave me and in the middle of the installation, my computer screen became pixelated and started making funny sounds (like old video game music). I rebooted and my computer got stuck in an auto-reboot loop. I can't even get back to windows. When I reboot, windows will start to load and either go to a blue screen of death or the log-in window will pop up, but the screen will be fuzzy and pixelated. I'm running windows 7 on a dell i7. Any help would be much appreciated. Thank you for your time. Take care.

Dave


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:27 PM

Posted 21 January 2011 - 04:23 PM

Hi Pavo Real,

I am going to assist you with your problem.

Please refrain from making any changes to your system (scanning or running other tools, updating Windows, installing applications, removing files, etc.) from now on as it might interfere with our fixes. In case of making changes I shall assume my assistance is not needed any more. Thank you.

Please tell me whether you have an x86 system or an x64 system.

#3 Pavo Real

Pavo Real
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:27 AM

Posted 21 January 2011 - 04:28 PM

Hi Just Curious,

Thank you so much for your help. I will not make any changes or touch my machine without your advice. I have an x86 system.

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:27 PM

Posted 21 January 2011 - 04:35 PM

Not that it really matters but I am Farbar. :)

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Boot Menu:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Choose your language settings, and then click Next.
  • Click Repair your computer.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,740 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:08:27 AM

Posted 21 January 2011 - 05:44 PM

Hello, I have moved this topic to here in the Virus, Trojan, Spyware, and Malware Removal Logs forum where it will stay.

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:27 PM

Posted 21 January 2011 - 05:48 PM

Thanks boopme. :)

#7 Pavo Real

Pavo Real
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:27 AM

Posted 22 January 2011 - 12:44 PM

Hi Farbar,

Sorry for the name confusion. I downloaded FRST and put it on the flash drive. I booted up my computer as instructed and was unable to run FRST.EXE at the command prompt. I typed k:\frst.exe and got the following message:

"The subsystem needed to support the image type is not present"

Awaiting further instruction. Take care.

D

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:27 PM

Posted 22 January 2011 - 06:02 PM

Thanks for the feedback.

"I have an x86 system."

I think you are mistaken and have an x64 system. That is why I asked you which system you have and that is the reason you got the error. I got you to download the x86 version.

Please remove FRST.exe and download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Boot into System Recovery Options.

At the command prompt type k:\frst64 and press Enter. Then press Scan button.

Edited by farbar, 22 January 2011 - 06:02 PM.
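
Added example, not part of the original posts and not Farbar's code: a 64-bit recovery environment has no 32-bit (WOW64) subsystem, which is what the error quoted in post #7 reports, so the tool's bitness has to match the installed Windows. The script below reads the PE header of an executable on a working machine to tell which build it is; the function names are hypothetical and the sample headers are constructed for the demonstration.

```python
"""Report whether a Windows executable is a 32-bit or 64-bit build (PE header)."""
import struct
import sys

MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "ARM64"}
OPTIONAL_MAGIC = {0x10B: "PE32", 0x20B: "PE32+"}
# Optional-header format each machine type is expected to carry.
EXPECTED_FORMAT = {"x86": "PE32", "x64": "PE32+", "ARM64": "PE32+"}


class NotPE(ValueError):
    """Raised when the bytes do not hold a valid DOS/PE image header."""


def pe_architecture(data: bytes) -> dict:
    """Parse the DOS stub, COFF header and optional-header magic."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise NotPE("missing MZ (DOS) header")
    # Offset 0x3C of the DOS header points at the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 26 > len(data):
        raise NotPE("PE header lies outside the bytes supplied")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise NotPE("missing PE signature")
    # COFF file header: 20 bytes directly after the signature.
    machine, _sections, _stamp, _symtab, _nsyms, opt_size, _flags = \
        struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    if opt_size < 2:
        raise NotPE("no optional header, not an executable image")
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    name = MACHINE_NAMES.get(machine, f"unknown(0x{machine:04x})")
    fmt = OPTIONAL_MAGIC.get(magic, f"unknown(0x{magic:04x})")
    return {"machine": name, "format": fmt,
            "consistent": EXPECTED_FORMAT.get(name) == fmt}


def runs_natively(data: bytes, env_arch: str) -> bool:
    """True when the image matches the environment and needs no WOW64 layer."""
    info = pe_architecture(data)
    return info["consistent"] and info["machine"] == env_arch


def check_file(path: str, env_arch: str) -> str:
    """One-line verdict for a file on disk; only the header is read."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    try:
        info = pe_architecture(head)
    except NotPE as exc:
        return f"{path}: not a PE image ({exc})"
    verdict = "OK" if runs_natively(head, env_arch) else "WRONG BUILD"
    return f"{path}: {info['machine']} {info['format']} -> {verdict} for {env_arch}"


def build_sample_header(machine: int, magic: int) -> bytes:
    """Constructed minimal header (no sections) used only as demo input."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    opt_size = 0xF0 if magic == 0x20B else 0xE0
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0102)
    optional = struct.pack("<H", magic) + b"\0" * (opt_size - 2)
    return dos + b"PE\0\0" + coff + optional


# Constructed samples standing in for a 32-bit and a 64-bit build of a tool.
SAMPLE_X86 = build_sample_header(0x014C, 0x10B)
SAMPLE_X64 = build_sample_header(0x8664, 0x20B)

if __name__ == "__main__":
    # Usage: python pecheck.py x64 path\to\tool.exe [more files...]
    if len(sys.argv) >= 3:
        for target in sys.argv[2:]:
            print(check_file(target, sys.argv[1]))
    else:
        for label, blob in (("sample-x86", SAMPLE_X86), ("sample-x64", SAMPLE_X64)):
            print(label, pe_architecture(blob), "native on x64:",
                  runs_natively(blob, "x64"))
```
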


#9 Pavo Real

Pavo Real
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:07:27 AM

Posted 22 January 2011 - 06:19 PM

Hi Farbar,

Thanks. That worked. I'm not real smart with this stuff (obviously) and appreciate your help. Here is the log:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 1.8
Ran by SYSTEM at 2011-01-22 15:14:10
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry ==========================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (Realtek Semiconductor)[8158240 2009-10-06]
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 (Creative Technology Ltd.)[17920 2009-10-15]
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 (Creative Technology Ltd.)[21504 2009-10-15]
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (Microsoft Corporation)[1475072 2009-07-13]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (Microsoft Corporation)[1475072 2009-07-13]
HKU\todd\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun (DT Soft Ltd)[1305408 2011-01-05]
HKU\todd\...\Run: [Fnovuxuvijuki] rundll32.exe "C:\Users\todd\AppData\Local\rPZi32.dll",Startup ()[90112 2009-07-13]
HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1


==================== Drivers and Services ====================

3 1394ohci; C:\Windows\System32\DRIVERS\1394ohci.sys [228352 2010-07-21] (Microsoft Corporation)
0 ACPI; C:\Windows\System32\DRIVERS\ACPI.sys [334416 2009-07-13] (Microsoft Corporation)
3 AcpiPmi; C:\Windows\System32\DRIVERS\acpipmi.sys [12288 2009-07-13] (Microsoft Corporation)
3 adp94xx; C:\Windows\System32\DRIVERS\adp94xx.sys [491088 2009-07-13] (Adaptec, Inc.)
3 adpahci; C:\Windows\System32\DRIVERS\adpahci.sys [339536 2009-07-13] (Adaptec, Inc.)
3 adpu320; C:\Windows\System32\DRIVERS\adpu320.sys [182864 2009-07-13] (Adaptec, Inc.)
3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-13] (Microsoft Corporation)
1 AFD; C:\Windows\System32\drivers\afd.sys [500224 2009-07-13] (Microsoft Corporation)
3 agp440; C:\Windows\System32\DRIVERS\agp440.sys [61008 2009-07-13] (Microsoft Corporation)
3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-13] (Microsoft Corporation)
3 aliide; C:\Windows\System32\DRIVERS\aliide.sys [15440 2009-07-13] (Acer Laboratories Inc.)
2 AMD External Events Utility; C:\Windows\System32\atiesrxx.exe [202752 2009-12-10] (AMD)
3 amdide; C:\Windows\System32\DRIVERS\amdide.sys [15440 2009-07-13] (Microsoft Corporation)
3 AmdK8; C:\Windows\System32\DRIVERS\amdk8.sys [64512 2009-07-13] (Microsoft Corporation)
3 AmdPPM; C:\Windows\System32\DRIVERS\amdppm.sys [60928 2009-07-13] (Microsoft Corporation)
3 amdsata; C:\Windows\System32\DRIVERS\amdsata.sys [106576 2009-07-13] (Advanced Micro Devices)
3 amdsbs; C:\Windows\System32\DRIVERS\amdsbs.sys [194128 2009-07-13] (AMD Technologies Inc.)
0 amdxata; C:\Windows\System32\DRIVERS\amdxata.sys [28752 2009-07-13] (Advanced Micro Devices)
3 AppID; C:\Windows\System32\drivers\appid.sys [61440 2009-07-13] (Microsoft Corporation)
3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-13] (Microsoft Corporation)
3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2009-07-13] (Microsoft Corporation)
2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [144176 2010-06-10] (Apple Inc.)
3 arc; C:\Windows\System32\DRIVERS\arc.sys [87632 2009-07-13] (Adaptec, Inc.)
3 arcsas; C:\Windows\System32\DRIVERS\arcsas.sys [97856 2009-07-13] (Adaptec, Inc.)
3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-13] (Microsoft Corporation)
3 atapi; C:\Windows\System32\DRIVERS\atapi.sys [24128 2009-07-13] (Microsoft Corporation)
3 AtiHdmiService; C:\Windows\System32\drivers\AtiHdmi.sys [121872 2009-10-01] (ATI Technologies, Inc.)
3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [6179328 2009-12-10] (ATI Technologies Inc.)
2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [676864 2009-07-13] (Microsoft Corporation)
2 AudioSrv; C:\Windows\System32\Audiosrv.dll [676864 2009-07-13] (Microsoft Corporation)
3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2009-07-13] (Microsoft Corporation)
3 b06bdrv; C:\Windows\System32\DRIVERS\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation)
3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation)
3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-13] (Microsoft Corporation)
1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] (Microsoft Corporation)
2 BFE; C:\Windows\System32\bfe.dll [703488 2009-07-13] (Microsoft Corporation)
2 BITS; C:\Windows\System32\qmgr.dll [848384 2009-07-13] (Microsoft Corporation)
1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-13] (Microsoft Corporation)
2 Bonjour Service; "C:\Program Files (x86)\Bonjour\mDNSResponder.exe" [345376 2010-05-18] (Apple Inc.)
3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2009-07-13] (Microsoft Corporation)
3 BrFiltLo; C:\Windows\System32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.)
3 BrFiltUp; C:\Windows\System32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.)
3 Browser; C:\Windows\System32\browser.dll [136192 2009-07-13] (Microsoft Corporation)
3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] (Brother Industries Ltd.)
3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.)
3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.)
3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.)
3 BTHMODEM; C:\Windows\System32\DRIVERS\bthmodem.sys [72192 2009-07-13] (Microsoft Corporation)
3 bthserv; C:\Windows\System32\bthserv.dll [83968 2009-07-13] (Microsoft Corporation)
4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] (Microsoft Corporation)
1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2009-07-13] (Microsoft Corporation)
3 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2009-07-13] (Microsoft Corporation)
3 circlass; C:\Windows\System32\DRIVERS\circlass.sys [45568 2009-07-13] (Microsoft Corporation)
0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-13] (Microsoft Corporation)
4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [66384 2009-06-10] (Microsoft Corporation)
4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 2010-03-18] (Microsoft Corporation)
2 clr_optimization_v4.0.30319_64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 2010-03-18] (Microsoft Corporation)
3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-13] (Microsoft Corporation)
3 cmdide; C:\Windows\System32\DRIVERS\cmdide.sys [17488 2009-07-13] (CMD Technology, Inc.)
0 CNG; C:\Windows\System32\Drivers\cng.sys [460504 2009-07-13] (Microsoft Corporation)
3 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-13] (Microsoft Corporation)
3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2009-07-13] (Microsoft Corporation)
3 COMSysApp; C:\Windows\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [9728 2009-07-13] (Microsoft Corporation)
4 crcdisk; C:\Windows\System32\DRIVERS\crcdisk.sys [24144 2009-07-13] (Microsoft Corporation)
2 CryptSvc; C:\Windows\System32\cryptsvc.dll [175104 2009-07-13] (Microsoft Corporation)
2 DcomLaunch; C:\Windows\System32\rpcss.dll [509440 2009-07-13] (Microsoft Corporation)
3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-13] (Microsoft Corporation)
1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2009-07-13] (Microsoft Corporation)
2 Dhcp; C:\Windows\System32\dhcpcore.dll [314368 2009-07-13] (Microsoft Corporation)
1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] (Microsoft Corporation)
0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-13] (Microsoft Corporation)
2 Dnscache; C:\Windows\System32\dnsrslvr.dll [182272 2009-07-13] (Microsoft Corporation)
2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation)
3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2009-07-13] (Microsoft Corporation)
3 Dot4; C:\Windows\System32\DRIVERS\Dot4.sys [145920 2009-07-13] (Microsoft Corporation)
3 Dot4Print; C:\Windows\System32\DRIVERS\Dot4Prt.sys [19968 2009-07-13] (Microsoft Corporation)
3 dot4usb; C:\Windows\System32\DRIVERS\dot4usb.sys [43008 2009-07-13] (Microsoft Corporation)
2 DPS; C:\Windows\System32\dps.dll [162816 2009-07-13] (Microsoft Corporation)
3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-13] (Microsoft Corporation)
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-01-08] (DT Soft Ltd)
3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [982600 2010-07-21] (Microsoft Corporation)
3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-13] (Microsoft Corporation)
3 ebdrv; C:\Windows\System32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
3 EFS; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696320 2010-08-04] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-13] (Microsoft Corporation)
3 elxstor; C:\Windows\System32\DRIVERS\elxstor.sys [530496 2009-07-13] (Emulex)
3 ErrDev; C:\Windows\System32\DRIVERS\errdev.sys [9728 2009-07-13] (Microsoft Corporation)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 2009-07-13] (Microsoft Corporation)
2 EventSystem; C:\Windows\System32\es.dll [402944 2009-07-13] (Microsoft Corporation)
3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] (Microsoft Corporation)
3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] (Microsoft Corporation)
3 Fax; C:\Windows\System32\fxssvc.exe [689152 2009-07-13] (Microsoft Corporation)
3 fdc; C:\Windows\System32\DRIVERS\fdc.sys [29696 2009-07-13] (Microsoft Corporation)
3 fdPHost; C:\Windows\System32\fdPHost.dll [16384 2009-07-13] (Microsoft Corporation)
2 FDResPub; C:\Windows\System32\fdrespub.dll [34816 2009-07-13] (Microsoft Corporation)
0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-13] (Microsoft Corporation)
3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] (Microsoft Corporation)
3 FLEXnet Licensing Service; "C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [1045256 2010-07-21] (Acresso Software Inc.)
3 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [24576 2009-07-13] (Microsoft Corporation)
0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [290368 2009-07-13] (Microsoft Corporation)
3 FontCache; C:\Windows\System32\FntCache.dll [1127936 2009-07-13] (Microsoft Corporation)
3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42840 2009-06-10] (Microsoft Corporation)
3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-13] (Microsoft Corporation)
0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [23104 2009-07-13] (Microsoft Corporation)
0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223448 2009-09-26] (Microsoft Corporation)
3 gagp30kx; C:\Windows\System32\DRIVERS\gagp30kx.sys [65088 2009-07-13] (Microsoft Corporation)
3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [34152 2009-05-18] (GEAR Software Inc.)
3 GoToAssist; "C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe" Start=service [16680 2010-07-21] (Citrix Online, a division of Citrix Systems, Inc.)
2 gpsvc; C:\Windows\System32\gpsvc.dll [776192 2009-07-13] (Microsoft Corporation)
3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [136120 2009-12-22] (Google)
3 hcw85cir; C:\Windows\System32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.)
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2009-07-13] (Microsoft Corporation)
3 HECIx64; C:\Windows\System32\DRIVERS\HECIx64.sys [56344 2009-09-17] (Intel Corporation)
3 HidBatt; C:\Windows\System32\DRIVERS\HidBatt.sys [26624 2009-07-13] (Microsoft Corporation)
3 HidBth; C:\Windows\System32\DRIVERS\hidbth.sys [100864 2009-07-13] (Microsoft Corporation)
3 HidIr; C:\Windows\System32\DRIVERS\hidir.sys [46592 2009-07-13] (Microsoft Corporation)
3 hidserv; C:\Windows\System32\hidserv.dll [38912 2009-07-13] (Microsoft Corporation)
3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2009-07-13] (Microsoft Corporation)
3 hkmsvc; C:\Windows\System32\kmsvc.dll [90624 2009-07-13] (Microsoft Corporation)
3 HomeGroupListener; C:\Windows\System32\ListSvc.dll [231936 2009-07-13] (Microsoft Corporation)
3 HomeGroupProvider; C:\Windows\System32\provsvc.dll [187904 2009-07-13] (Microsoft Corporation)
3 HpSAMD; C:\Windows\System32\DRIVERS\HpSAMD.sys [77888 2009-07-13] (Hewlett-Packard Company)
3 HTTP; C:\Windows\System32\drivers\HTTP.sys [751616 2009-07-13] (Microsoft Corporation)
0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14416 2009-07-13] (Microsoft Corporation)
3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-13] (Microsoft Corporation)
0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [537112 2009-10-02] (Intel Corporation)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2009-10-02] (Intel Corporation)
3 iaStorV; C:\Windows\System32\DRIVERS\iaStorV.sys [410688 2009-07-13] (Intel Corporation)
3 idsvc; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" [856384 2009-06-10] (Microsoft Corporation)
3 iirsp; C:\Windows\System32\DRIVERS\iirsp.sys [44112 2009-07-13] (Intel Corp./ICP vortex GmbH)
2 IKEEXT; C:\Windows\System32\ikeext.dll [845824 2009-07-13] (Microsoft Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHD64.sys [2009376 2009-10-06] (Realtek Semiconductor Corp.)
3 IntcDAud; C:\Windows\System32\DRIVERS\IntcDAud.sys [233984 2009-09-26] (Intel® Corporation)
3 intelide; C:\Windows\System32\DRIVERS\intelide.sys [16960 2009-07-13] (Microsoft Corporation)
3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-13] (Microsoft Corporation)
3 IPBusEnum; C:\Windows\System32\ipbusenum.dll [101888 2009-07-13] (Microsoft Corporation)
3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2009-07-13] (Microsoft Corporation)
2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [565760 2009-07-13] (Microsoft Corporation)
3 IPMIDRV; C:\Windows\System32\DRIVERS\IPMIDrv.sys [78848 2009-07-13] (Microsoft Corporation)
3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] (Microsoft Corporation)
3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [654112 2010-07-21] (Apple Inc.)
3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] (Microsoft Corporation)
3 isapnp; C:\Windows\System32\DRIVERS\isapnp.sys [20544 2009-07-13] (Microsoft Corporation)
3 iScsiPrt; C:\Windows\System32\DRIVERS\msiscsi.sys [224832 2009-07-13] (Microsoft Corporation)
3 k57nd60a; C:\Windows\System32\DRIVERS\k57nd60a.sys [321064 2009-10-16] (Broadcom Corporation)
3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-13] (Microsoft Corporation)
3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2009-07-13] (Microsoft Corporation)
3 KeyIso; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95312 2009-07-13] (Microsoft Corporation)
0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [153160 2010-07-21] (Microsoft Corporation)
3 ksthunk; C:\Windows\System32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
3 KtmRm; C:\Windows\System32\msdtckrm.dll [368640 2009-07-13] (Microsoft Corporation)
2 LanmanServer; C:\Windows\System32\srvsvc.dll [236032 2010-08-27] (Microsoft Corporation)
2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2009-07-13] (Microsoft Corporation)
2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] (Microsoft Corporation)
3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-13] (Microsoft Corporation)
2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-13] (Microsoft Corporation)
3 LSI_FC; C:\Windows\System32\DRIVERS\lsi_fc.sys [114752 2009-07-13] (LSI Corporation)
3 LSI_SAS; C:\Windows\System32\DRIVERS\lsi_sas.sys [106560 2009-07-13] (LSI Corporation)
3 LSI_SAS2; C:\Windows\System32\DRIVERS\lsi_sas2.sys [65600 2009-07-13] (LSI Corporation)
3 LSI_SCSI; C:\Windows\System32\DRIVERS\lsi_scsi.sys [115776 2009-07-13] (LSI Corporation)
2 luafv; C:\Windows\System32\drivers\luafv.sys [113152 2009-07-13] (Microsoft Corporation)
4 Mcx2Svc; C:\Windows\System32\Mcx2Svc.dll [84480 2009-07-13] (Microsoft Corporation)
3 megasas; C:\Windows\System32\DRIVERS\megasas.sys [35392 2009-07-13] (LSI Corporation)
3 MegaSR; C:\Windows\System32\DRIVERS\MegaSR.sys [284736 2009-07-13] (LSI Corporation, Inc.)
2 MMCSS; C:\Windows\System32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] (Microsoft Corporation)
3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] (Microsoft Corporation)
3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-13] (Microsoft Corporation)
3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] (Microsoft Corporation)
0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94784 2009-07-13] (Microsoft Corporation)
3 mpio; C:\Windows\System32\DRIVERS\mpio.sys [155216 2009-07-13] (Microsoft Corporation)
3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] (Microsoft Corporation)
2 MpsSvc; C:\Windows\System32\mpssvc.dll [824832 2009-07-13] (Microsoft Corporation)
3 MRxDAV; C:\Windows\System32\drivers\mrxdav.sys [140800 2009-07-13] (Microsoft Corporation)
3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [157696 2010-07-21] (Microsoft Corporation)
3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [286720 2010-07-21] (Microsoft Corporation)
3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [125952 2010-07-21] (Microsoft Corporation)
3 msahci; C:\Windows\System32\DRIVERS\msahci.sys [30296 2010-07-21] (Microsoft Corporation)
3 msdsm; C:\Windows\System32\DRIVERS\msdsm.sys [140352 2009-07-13] (Microsoft Corporation)
3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-13] (Microsoft Corporation)
1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-13] (Microsoft Corporation)
3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] (Microsoft Corporation)
0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [15424 2009-07-13] (Microsoft Corporation)
3 MSiSCSI; C:\Windows\System32\iscsiexe.dll [156672 2009-07-13] (Microsoft Corporation)
3 msiserver; C:\Windows\System32\msiexec.exe /V [127488 2009-07-13] (Microsoft Corporation)
3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] (Microsoft Corporation)
3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] (Microsoft Corporation)
3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] (Microsoft Corporation)
3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [367168 2009-07-13] (Microsoft Corporation)
1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-13] (Microsoft Corporation)
2 MSSQL$SQLEXPRESS; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [29262680 2009-05-27] (Microsoft Corporation)
4 MSSQLServerADHelper; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [45408 2008-11-24] (Microsoft Corporation)
3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] (Microsoft Corporation)
4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4466688 2007-11-07] (Microsoft Corporation)
3 MTConfig; C:\Windows\System32\DRIVERS\MTConfig.sys [15360 2009-07-13] (Microsoft Corporation)
0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-13] (Microsoft Corporation)
3 napagent; C:\Windows\System32\qagentRT.dll [475648 2009-07-13] (Microsoft Corporation)
3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] (Microsoft Corporation)
0 NDIS; C:\Windows\System32\drivers\ndis.sys [947776 2009-07-13] (Microsoft Corporation)
3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] (Microsoft Corporation)
3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] (Microsoft Corporation)
3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56320 2009-07-13] (Microsoft Corporation)
3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2009-07-13] (Microsoft Corporation)
3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2009-07-13] (Microsoft Corporation)
2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard)
1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] (Microsoft Corporation)
1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [259072 2009-07-13] (Microsoft Corporation)
3 Netlogon; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-13] (Microsoft Corporation)
3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-13] (Microsoft Corporation)
4 NetTcpPortSharing; "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" [116560 2009-06-10] (Microsoft Corporation)
3 nfrd960; C:\Windows\System32\DRIVERS\nfrd960.sys [51264 2009-07-13] (IBM Corporation)
2 NlaSvc; C:\Windows\System32\nlasvc.dll [302080 2009-07-13] (Microsoft Corporation)
1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] (Microsoft Corporation)
2 nsi; C:\Windows\System32\nsisvc.dll [25600 2009-07-13] (Microsoft Corporation)
1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] (Microsoft Corporation)
3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1659984 2009-07-13] (Microsoft Corporation)
1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] (Microsoft Corporation)
3 nvraid; C:\Windows\System32\DRIVERS\nvraid.sys [149056 2009-07-13] (NVIDIA Corporation)
3 nvstor; C:\Windows\System32\DRIVERS\nvstor.sys [167488 2009-07-13] (NVIDIA Corporation)
3 nv_agp; C:\Windows\System32\DRIVERS\nv_agp.sys [122960 2009-07-13] (Microsoft Corporation)
3 ohci1394; C:\Windows\System32\DRIVERS\ohci1394.sys [72832 2009-07-13] (Microsoft Corporation)
3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [149352 2010-01-09] (Microsoft Corporation)
3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [4925184 2010-01-09] (Microsoft Corporation)
3 p2pimsvc; C:\Windows\System32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
3 p2psvc; C:\Windows\System32\p2psvc.dll [438784 2009-07-13] (Microsoft Corporation)
3 Parport; C:\Windows\System32\DRIVERS\parport.sys [97280 2009-07-13] (Microsoft Corporation)
0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75840 2009-07-13] (Microsoft Corporation)
2 PcaSvc; C:\Windows\System32\pcasvc.dll [186368 2009-07-13] (Microsoft Corporation)
0 pci; C:\Windows\System32\DRIVERS\pci.sys [183872 2009-07-13] (Microsoft Corporation)
3 pciide; C:\Windows\System32\DRIVERS\pciide.sys [12352 2009-07-13] (Microsoft Corporation)
3 pcmcia; C:\Windows\System32\DRIVERS\pcmcia.sys [220752 2009-07-13] (Microsoft Corporation)
0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-13] (Microsoft Corporation)
2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-13] (Microsoft Corporation)
3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
3 pla; C:\Windows\System32\pla.dll [1390080 2009-07-13] (Microsoft Corporation)
2 PlugPlay; C:\Windows\System32\umpnpmgr.dll [404480 2009-07-13] (Microsoft Corporation)
2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard)
3 PNRPAutoReg; C:\Windows\System32\pnrpauto.dll [25088 2009-07-13] (Microsoft Corporation)
3 PNRPsvc; C:\Windows\System32\pnrpsvc.dll [327168 2009-07-13] (Microsoft Corporation)
3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [500224 2009-07-13] (Microsoft Corporation)
2 Power; C:\Windows\System32\umpo.dll [163840 2009-07-13] (Microsoft Corporation)
3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111616 2009-07-13] (Microsoft Corporation)
3 Processor; C:\Windows\System32\DRIVERS\processr.sys [60416 2009-07-13] (Microsoft Corporation)
2 ProfSvc; C:\Windows\System32\profsvc.dll [208384 2009-07-13] (Microsoft Corporation)
3 ProtectedStorage; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2009-07-13] (Microsoft Corporation)
0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [55280 2009-07-09] (Sonic Solutions)
3 ql2300; C:\Windows\System32\DRIVERS\ql2300.sys [1524816 2009-07-13] (QLogic Corporation)
3 ql40xx; C:\Windows\System32\DRIVERS\ql40xx.sys [128592 2009-07-13] (QLogic Corporation)
3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-13] (Microsoft Corporation)
3 QWAVEdrv; C:\Windows\System32\drivers\qwavedrv.sys [46592 2009-07-13] (Microsoft Corporation)
3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] (Microsoft Corporation)
3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] (Microsoft Corporation)
3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-13] (Microsoft Corporation)
3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [130048 2009-07-13] (Microsoft Corporation)
3 RasMan; C:\Windows\System32\rasmans.dll [343552 2009-07-13] (Microsoft Corporation)
3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] (Microsoft Corporation)
3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] (Microsoft Corporation)
1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2009-07-13] (Microsoft Corporation)
3 rdpbus; C:\Windows\System32\DRIVERS\rdpbus.sys [24064 2009-07-13] (Microsoft Corporation)
1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] (Microsoft Corporation)
1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] (Microsoft Corporation)
1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] (Microsoft Corporation)
3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [204800 2009-07-13] (Microsoft Corporation)
0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [214096 2009-07-13] (Microsoft Corporation)
4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-13] (Microsoft Corporation)
3 RemoteRegistry; C:\Windows\System32\regsvc.dll [159232 2009-07-13] (Microsoft Corporation)
3 RoxMediaDB10; "c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [1124848 2009-06-26] (Sonic Solutions)
2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-13] (Microsoft Corporation)
3 RpcLocator; C:\Windows\System32\locator.exe [10240 2009-07-13] (Microsoft Corporation)
2 RpcSs; C:\Windows\System32\rpcss.dll [509440 2009-07-13] (Microsoft Corporation)
2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] (Microsoft Corporation)
2 SamSs; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
3 sbp2port; C:\Windows\System32\DRIVERS\sbp2port.sys [104016 2009-07-13] (Microsoft Corporation)
3 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-13] (Microsoft Corporation)
3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2009-07-13] (Microsoft Corporation)
2 Schedule; C:\Windows\System32\schedsvc.dll [1114624 2010-11-01] (Microsoft Corporation)
3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2009-07-13] (Microsoft Corporation)
3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2009-07-13] (Microsoft Corporation)
2 SeaPort; "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [249136 2010-09-22] (Microsoft Corporation)
2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
3 seclogon; C:\Windows\system32\seclogon.dll [30720 2009-07-13] (Microsoft Corporation)
2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-13] (Microsoft Corporation)
3 SensrSvc; C:\Windows\System32\sensrsvc.dll [29184 2009-07-13] (Microsoft Corporation)
3 Serenum; C:\Windows\System32\DRIVERS\serenum.sys [23552 2009-07-13] (Microsoft Corporation)
3 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Microsoft Corporation)
3 sermouse; C:\Windows\System32\DRIVERS\sermouse.sys [26624 2009-07-13] (Microsoft Corporation)
3 SessionEnv; C:\Windows\System32\sessenv.dll [104960 2009-07-13] (Microsoft Corporation)
3 sffdisk; C:\Windows\System32\DRIVERS\sffdisk.sys [14336 2009-07-13] (Microsoft Corporation)
3 sffp_mmc; C:\Windows\System32\DRIVERS\sffp_mmc.sys [13824 2009-07-13] (Microsoft Corporation)
3 sffp_sd; C:\Windows\System32\DRIVERS\sffp_sd.sys [14336 2010-07-21] (Microsoft Corporation)
3 sfloppy; C:\Windows\System32\DRIVERS\sfloppy.sys [16896 2009-07-13] (Microsoft Corporation)
4 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-13] (Microsoft Corporation)
2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [369664 2009-07-13] (Microsoft Corporation)
3 SiSRaid2; C:\Windows\System32\DRIVERS\SiSRaid2.sys [43584 2009-07-13] (Silicon Integrated Systems Corp.)
3 SiSRaid4; C:\Windows\System32\DRIVERS\sisraid4.sys [80464 2009-07-13] (Silicon Integrated Systems)
3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] (Microsoft Corporation)
3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-13] (Microsoft Corporation)
0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-13] (Microsoft Corporation)
2 Spooler; C:\Windows\System32\spoolsv.exe [558592 2010-08-21] (Microsoft Corporation)
2 sppsvc; C:\Windows\System32\sppsvc.exe [3524608 2009-07-13] (Microsoft Corporation)
3 sppuinotify; C:\Windows\System32\sppuinotify.dll [65536 2009-07-13] (Microsoft Corporation)
2 sprtsvc_DellSupportCenter; "C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe" /service /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.)
2 SQLBrowser; "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [239968 2008-11-24] (Microsoft Corporation)
2 SQLWriter; "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [153952 2008-11-25] (Microsoft Corporation)
3 srv; C:\Windows\System32\DRIVERS\srv.sys [463360 2010-08-26] (Microsoft Corporation)
3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [402944 2010-08-26] (Microsoft Corporation)
3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [161792 2010-08-26] (Microsoft Corporation)
3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-13] (Microsoft Corporation)
3 SstpSvc; C:\Windows\System32\sstpsvc.dll [75264 2009-07-13] (Microsoft Corporation)
3 stexstor; C:\Windows\System32\DRIVERS\stexstor.sys [24656 2009-07-13] (Promise Technology)
2 stisvc; C:\Windows\System32\wiaservc.dll [578560 2009-07-13] (Microsoft Corporation)
3 stllssvr; "c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2009-04-30] (MicroVision Development, Inc.)
3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-13] (Microsoft Corporation)
3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-13] (Microsoft Corporation)
2 SysMain; C:\Windows\System32\sysmain.dll [1780736 2009-07-13] (Microsoft Corporation)
3 TabletInputService; C:\Windows\System32\TabSvc.dll [93184 2009-07-13] (Microsoft Corporation)
3 TapiSrv; C:\Windows\System32\tapisrv.dll [316416 2009-07-13] (Microsoft Corporation)
3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-13] (Microsoft Corporation)
0 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1896832 2010-06-14] (Microsoft Corporation)
3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1896832 2010-06-14] (Microsoft Corporation)
2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [44544 2009-07-13] (Microsoft Corporation)
3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] (Microsoft Corporation)
3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2009-07-13] (Microsoft Corporation)
1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [99840 2009-07-13] (Microsoft Corporation)
1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [62544 2009-07-13] (Microsoft Corporation)
3 TermService; C:\Windows\System32\termsrv.dll [706560 2009-07-13] (Microsoft Corporation)
2 Themes; C:\Windows\System32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation)
3 THREADORDER; C:\Windows\System32\mmcss.dll [67584 2009-07-13] (Microsoft Corporation)
2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-13] (Microsoft Corporation)
3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2009-07-13] (Microsoft Corporation)
3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [38400 2009-07-13] (Microsoft Corporation)
3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2009-07-13] (Microsoft Corporation)
3 uagp35; C:\Windows\System32\DRIVERS\uagp35.sys [64080 2009-07-13] (Microsoft Corporation)
4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [327680 2010-07-21] (Microsoft Corporation)
3 UI0Detect; C:\Windows\System32\UI0Detect.exe [40960 2009-07-13] (Microsoft Corporation)
3 uliagpkx; C:\Windows\System32\DRIVERS\uliagpkx.sys [64592 2009-07-13] (Microsoft Corporation)
3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2009-07-13] (Microsoft Corporation)
3 UmPass; C:\Windows\System32\DRIVERS\umpass.sys [9728 2009-07-13] (Microsoft Corporation)
3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-13] (Microsoft Corporation)
3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [50688 2010-04-19] (Apple, Inc.)
3 usbaudio; C:\Windows\System32\drivers\usbaudio.sys [109568 2009-07-13] (Microsoft Corporation)
3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [98816 2009-07-13] (Microsoft Corporation)
3 usbcir; C:\Windows\System32\DRIVERS\usbcir.sys [100352 2009-07-13] (Microsoft Corporation)
3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [51712 2010-07-21] (Microsoft Corporation)
3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2010-07-21] (Microsoft Corporation)
3 usbohci; C:\Windows\System32\DRIVERS\usbohci.sys [25600 2009-07-13] (Microsoft Corporation)
3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] (Microsoft Corporation)
3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [89600 2009-07-13] (Microsoft Corporation)
3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [30720 2009-07-13] (Microsoft Corporation)
3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [184832 2010-07-21] (Microsoft Corporation)
2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-13] (Microsoft Corporation)
3 VaultSvc; C:\Windows\System32\lsass.exe [31232 2009-07-13] (Microsoft Corporation)
0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [36432 2009-07-13] (Microsoft Corporation)
3 vds; C:\Windows\System32\vds.exe [532480 2009-07-13] (Microsoft Corporation)
3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] (Microsoft Corporation)
1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] (Microsoft Corporation)
3 vhdmp; C:\Windows\System32\DRIVERS\vhdmp.sys [217680 2009-07-13] (Microsoft Corporation)
3 viaide; C:\Windows\System32\DRIVERS\viaide.sys [17488 2009-07-13] (VIA Technologies, Inc.)
0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [71760 2009-07-13] (Microsoft Corporation)
0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363584 2009-07-13] (Microsoft Corporation)
0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [294992 2009-07-13] (Microsoft Corporation)
3 vsmraid; C:\Windows\System32\DRIVERS\vsmraid.sys [161872 2009-07-13] (VIA Technologies Inc.,Ltd)
3 VSS; C:\Windows\System32\vssvc.exe [1598976 2009-07-13] (Microsoft Corporation)
3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [24576 2009-07-13] (Microsoft Corporation)
3 W32Time; C:\Windows\System32\w32time.dll [381952 2009-07-13] (Microsoft Corporation)
3 WacomPen; C:\Windows\System32\DRIVERS\wacompen.sys [27776 2009-07-13] (Microsoft Corporation)
3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-13] (Microsoft Corporation)
1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-13] (Microsoft Corporation)
3 WatAdminSvc; C:\Windows\System32\Wat\WatAdminSvc.exe [1255736 2010-08-15] (Microsoft Corporation)
3 wbengine; "C:\Windows\system32\wbengine.exe" [1503744 2009-07-13] (Microsoft Corporation)
3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-13] (Microsoft Corporation)
3 wcncsvc; C:\Windows\System32\wcncsvc.dll [366592 2009-07-13] (Microsoft Corporation)
3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-13] (Microsoft Corporation)
3 Wd; C:\Windows\System32\DRIVERS\wd.sys [21056 2009-07-13] (Microsoft Corporation)
0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-13] (Microsoft Corporation)
3 WdiServiceHost; C:\Windows\System32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
3 WdiSystemHost; C:\Windows\System32\wdi.dll [90624 2009-07-13] (Microsoft Corporation)
3 WebClient; C:\Windows\System32\webclnt.dll [254464 2009-07-13] (Microsoft Corporation)
3 Wecsvc; C:\Windows\System32\wecsvc.dll [237568 2009-07-13] (Microsoft Corporation)
3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-13] (Microsoft Corporation)
3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-13] (Microsoft Corporation)
1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] (Microsoft Corporation)
3 WimFltr; C:\Windows\System32\DRIVERS\wimfltr.sys [151656 2006-11-01] (Microsoft Corporation)
3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-13] (Microsoft Corporation)
2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
3 WinHttpAutoProxySvc; C:\Windows\System32\winhttp.dll [438784 2009-07-13] (Microsoft Corporation)
2 Winmgmt; C:\Windows\System32\wbem\WMIsvc.dll [242688 2009-07-13] (Microsoft Corporation)
3 WinRM; C:\Windows\System32\WsmSvc.dll [2018816 2009-07-13] (Microsoft Corporation)
3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [41472 2010-07-21] (Microsoft Corporation)
3 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-13] (Microsoft Corporation)
2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [2286976 2010-09-21] (Microsoft Corp.)
3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2009-07-13] (Microsoft Corporation)
3 wmiApSrv; C:\Windows\System32\wbem\WmiApSrv.exe [203264 2009-07-13] (Microsoft Corporation)
2 WMPNetworkSvc; "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1525248 2009-07-13] (Microsoft Corporation)
3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-13] (Microsoft Corporation)
3 WPDBusEnum; C:\Windows\System32\wpdbusenum.dll [116736 2009-07-13] (Microsoft Corporation)
4 ws2ifsl; C:\Windows\System32\drivers\ws2ifsl.sys [21504 2009-07-13] (Microsoft Corporation)
2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-13] (Microsoft Corporation)
2 WSearch; C:\Windows\System32\SearchIndexer.exe /Embedding [593408 2009-07-13] (Microsoft Corporation)
2 wuauserv; C:\Windows\System32\wuaueng.dll [2418176 2009-07-13] (Microsoft Corporation)
3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112640 2010-07-21] (Microsoft Corporation)
3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2010-07-21] (Microsoft Corporation)
2 wudfsvc; C:\Windows\System32\WUDFSvc.dll [78848 2010-07-21] (Microsoft Corporation)
3 WwanSvc; C:\Windows\System32\wwansvc.dll [229888 2009-07-13] (Microsoft Corporation)
1 RxFilter; [x]
2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]

========================= NetSvcs ============================

============ One Month Created Files and foledrs ============

2011-01-22 15:14 - 2011-01-22 15:14 - 0000000 ____D C:\FRST
2011-01-08 17:31 - 2011-01-08 17:31 - 0000000 ____A C:\Windows\Minidump\010811-28750-01.dmp
2011-01-08 17:29 - 2011-01-08 17:29 - 0275168 ____A C:\Windows\Minidump\010811-16676-01.dmp
2011-01-08 17:27 - 2011-01-08 17:27 - 0270864 ____A C:\Windows\Minidump\010811-32744-01.dmp
2011-01-08 17:24 - 2011-01-08 17:24 - 0270864 ____A C:\Windows\Minidump\010811-14835-01.dmp
2011-01-08 17:06 - 2011-01-08 17:06 - 0275224 ____A C:\Windows\Minidump\010811-17877-01.dmp
2011-01-08 17:03 - 2011-01-08 17:03 - 0270864 ____A C:\Windows\Minidump\010811-17690-01.dmp
2011-01-08 17:02 - 2011-01-08 17:31 - 333296139 ____A C:\Windows\MEMORY.DMP
2011-01-08 17:02 - 2011-01-08 17:31 - 0000000 ____D C:\Windows\Minidump
2011-01-08 17:02 - 2011-01-08 17:29 - 0863742 ____A C:\Windows\ntbtlog.txt
2011-01-08 17:02 - 2011-01-08 17:02 - 0275224 ____A C:\Windows\Minidump\010811-17628-01.dmp
2011-01-08 16:59 - 2011-01-08 16:59 - 0009447 ____A C:\Windows\??H???????????l????????????????????u???????????????y????2????U????????????????????P??????W
2011-01-08 16:59 - 2011-01-08 16:59 - 0007878 ____A C:\Windows\???V???J????y?????????S????b?????????t???5??????????????????????H??H???????????l????????????????????u???????????????y????2????U????????????????????P??????W
2011-01-08 16:59 - 2011-01-08 16:59 - 0007018 ____A C:\Windows\???1????4??S?????????????2??n??????????r?????7??S???????1????e??????????????????????p????r????h????????G???
2011-01-08 16:59 - 2011-01-08 16:59 - 0006430 ____A C:\Windows\?????????????4???1????4??S?????????????2??n??????????r?????7??S???????1????e??????????????????????p????r????h????????G???
2011-01-08 16:59 - 2011-01-08 16:59 - 0006290 ____A C:\Windows\???J????y?????????S????b?????????t???5??????????????????????H??H???????????l????????????????????u???????????????y????2????U????????????????????P??????W
2011-01-08 16:59 - 2011-01-08 16:59 - 0006072 ____A C:\Windows\??n??????????r?????7??S???????1????e??????????????????????p????r????h????????G???
2011-01-08 16:59 - 2011-01-08 16:59 - 0005852 ____A C:\Windows\??????????????j?????????????4???1????4??S?????????????2??n??????????r?????7??S???????1????e??????????????????????p????r????h????????G???
2011-01-08 16:59 - 2011-01-08 16:59 - 0000903 ____A C:\Windows\????????G???
2011-01-08 14:46 - 2011-01-08 15:05 - 413919232 ____A C:\Users\todd\Desktop\Photoshop_CS5.iso.part
2011-01-08 14:46 - 2011-01-08 14:46 - 0000000 ____A C:\Users\todd\Desktop\Photoshop_CS5.iso
2011-01-08 14:37 - 2011-01-08 14:37 - 0000000 ____A C:\Users\todd\Application Data\chrtmp
2011-01-08 14:37 - 2011-01-08 14:37 - 0000000 ____A C:\Users\todd\AppData\Roaming\chrtmp
2011-01-08 14:25 - 2011-01-08 14:25 - 0254528 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2011-01-08 14:25 - 2011-01-08 14:25 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2011-01-08 14:24 - 2011-01-08 14:28 - 0000000 ____D C:\Users\todd\Application Data\DAEMON Tools Lite
2011-01-08 14:24 - 2011-01-08 14:28 - 0000000 ____D C:\Users\todd\AppData\Roaming\DAEMON Tools Lite
2011-01-08 14:24 - 2011-01-08 14:24 - 0000000 ____D C:\Users\All Users\DAEMON Tools Lite
2011-01-08 14:24 - 2011-01-08 14:24 - 0000000 ____D C:\Users\All Users\Application Data\DAEMON Tools Lite
2011-01-08 14:24 - 2011-01-08 14:24 - 0000000 ____D C:\ProgramData\DAEMON Tools Lite
2011-01-08 12:38 - 2011-01-08 16:06 - 0000000 ____D C:\Users\todd\Desktop\CS5
2011-01-01 08:42 - 2011-01-01 08:42 - 0273521 ____A C:\Users\todd\Desktop\Tarjeta Navidad.pdf
2010-12-29 20:58 - 2010-12-29 21:02 - 0016739 ____A C:\Users\todd\Desktop\Corky.docx
2010-12-28 20:46 - 2010-12-28 20:46 - 0109056 ____A C:\Users\todd\Desktop\TSwannack CV_2010.01(2).doc

============ 3 Months Modified Files and foledrs =============

2011-01-22 15:14 - 2011-01-22 15:14 - 0000000 ____D C:\FRST
2011-01-08 17:31 - 2011-01-08 17:31 - 0000000 ____A C:\Windows\Minidump\010811-28750-01.dmp
2011-01-08 17:31 - 2011-01-08 17:02 - 333296139 ____A C:\Windows\MEMORY.DMP
2011-01-08 17:31 - 2011-01-08 17:02 - 0000000 ____D C:\Windows\Minidump
2011-01-08 17:31 - 2009-07-13 22:51 - 0076216 ____A C:\Windows\setupact.log
2011-01-08 17:30 - 2010-07-21 09:04 - 504688640 __ASH C:\hiberfil.sys
2011-01-08 17:29 - 2011-01-08 17:29 - 0275168 ____A C:\Windows\Minidump\010811-16676-01.dmp
2011-01-08 17:29 - 2011-01-08 17:02 - 0863742 ____A C:\Windows\ntbtlog.txt
2011-01-08 17:27 - 2011-01-08 17:27 - 0270864 ____A C:\Windows\Minidump\010811-32744-01.dmp
2011-01-08 17:24 - 2011-01-08 17:24 - 0270864 ____A C:\Windows\Minidump\010811-14835-01.dmp
2011-01-08 17:10 - 2009-07-13 23:13 - 0792124 ____A C:\Windows\System32\PerfStringBackup.INI
2011-01-08 17:10 - 2009-07-13 20:36 - 0670648 ____A C:\Windows\System32\perfh009.dat
2011-01-08 17:10 - 2009-07-13 20:36 - 0123958 ____A C:\Windows\System32\perfc009.dat
2011-01-08 17:06 - 2011-01-08 17:06 - 0275224 ____A C:\Windows\Minidump\010811-17877-01.dmp
2011-01-08 17:06 - 2010-07-21 09:04 - 0055034 ____A C:\Windows\PFRO.log
2011-01-08 17:05 - 2009-07-13 23:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-01-08 17:03 - 2011-01-08 17:03 - 0270864 ____A C:\Windows\Minidump\010811-17690-01.dmp
2011-01-08 17:02 - 2011-01-08 17:02 - 0275224 ____A C:\Windows\Minidump\010811-17628-01.dmp
2011-01-08 16:59 - 2011-01-08 16:59 - 0009447 ____A C:\Windows\??H???????????l????????????????????u???????????????y????2????U????????????????????P??????W
2011-01-08 16:59 - 2011-01-08 16:59 - 0007878 ____A C:\Windows\???V???J????y?????????S????b?????????t???5??????????????????????H??H???????????l????????????????????u???????????????y????2????U????????????????????P??????W
2011-01-08 16:59 - 2011-01-08 16:59 - 0007018 ____A C:\Windows\???1????4??S?????????????2??n??????????r?????7??S???????1????e??????????????????????p????r????h????????G???
2011-01-08 16:59 - 2011-01-08 16:59 - 0006430 ____A C:\Windows\?????????????4???1????4??S?????????????2??n??????????r?????7??S???????1????e??????????????????????p????r????h????????G???
2011-01-08 16:59 - 2011-01-08 16:59 - 0006290 ____A C:\Windows\???J????y?????????S????b?????????t???5??????????????????????H??H???????????l????????????????????u???????????????y????2????U????????????????????P??????W
2011-01-08 16:59 - 2011-01-08 16:59 - 0006072 ____A C:\Windows\??n??????????r?????7??S???????1????e??????????????????????p????r????h????????G???
2011-01-08 16:59 - 2011-01-08 16:59 - 0005852 ____A C:\Windows\??????????????j?????????????4???1????4??S?????????????2??n??????????r?????7??S???????1????e??????????????????????p????r????h????????G???
2011-01-08 16:59 - 2011-01-08 16:59 - 0000903 ____A C:\Windows\????????G???
2011-01-08 16:53 - 2010-11-07 12:10 - 0000000 ____D C:\Users\todd\Local Settings\QuickPar
2011-01-08 16:53 - 2010-11-07 12:10 - 0000000 ____D C:\Users\todd\Local Settings\Application Data\QuickPar
2011-01-08 16:53 - 2010-11-07 12:10 - 0000000 ____D C:\Users\todd\AppData\Local\QuickPar
2011-01-08 16:07 - 2010-08-17 18:20 - 0000000 ____D C:\Users\todd\Local Settings\Application Data\Adobe
2011-01-08 16:07 - 2010-08-17 18:20 - 0000000 ____D C:\Users\todd\Local Settings\Adobe
2011-01-08 16:07 - 2010-08-17 18:20 - 0000000 ____D C:\Users\todd\AppData\Local\Adobe
2011-01-08 16:06 - 2011-01-08 12:38 - 0000000 ____D C:\Users\todd\Desktop\CS5
2011-01-08 15:05 - 2011-01-08 14:46 - 413919232 ____A C:\Users\todd\Desktop\Photoshop_CS5.iso.part
2011-01-08 14:46 - 2011-01-08 14:46 - 0000000 ____A C:\Users\todd\Desktop\Photoshop_CS5.iso
2011-01-08 14:37 - 2011-01-08 14:37 - 0000000 ____A C:\Users\todd\Application Data\chrtmp
2011-01-08 14:37 - 2011-01-08 14:37 - 0000000 ____A C:\Users\todd\AppData\Roaming\chrtmp
2011-01-08 14:28 - 2011-01-08 14:24 - 0000000 ____D C:\Users\todd\Application Data\DAEMON Tools Lite
2011-01-08 14:28 - 2011-01-08 14:24 - 0000000 ____D C:\Users\todd\AppData\Roaming\DAEMON Tools Lite
2011-01-08 14:25 - 2011-01-08 14:25 - 0254528 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2011-01-08 14:25 - 2011-01-08 14:25 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2011-01-08 14:25 - 2009-07-13 21:20 - 0000000 ___RD C:\Program Files (x86)
2011-01-08 14:25 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\DriverStore
2011-01-08 14:24 - 2011-01-08 14:24 - 0000000 ____D C:\Users\All Users\DAEMON Tools Lite
2011-01-08 14:24 - 2011-01-08 14:24 - 0000000 ____D C:\Users\All Users\Application Data\DAEMON Tools Lite
2011-01-08 14:24 - 2011-01-08 14:24 - 0000000 ____D C:\ProgramData\DAEMON Tools Lite
2011-01-08 08:16 - 2009-07-13 22:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-01-08 08:16 - 2009-07-13 22:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-01-08 08:12 - 2009-07-13 23:10 - 1306029 ____A C:\Windows\WindowsUpdate.log
2011-01-07 17:07 - 2010-11-26 10:30 - 0000000 ___HD C:\Config.Msi
2011-01-06 20:45 - 2010-08-15 11:24 - 12818274 ___AH C:\Users\todd\Local Settings\IconCache.db
2011-01-06 20:45 - 2010-08-15 11:24 - 12818274 ___AH C:\Users\todd\Local Settings\Application Data\IconCache.db
2011-01-06 20:45 - 2010-08-15 11:24 - 12818274 ___AH C:\Users\todd\AppData\Local\IconCache.db
2011-01-06 18:06 - 2010-08-17 18:02 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-01-06 17:13 - 2010-07-21 07:20 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-01-01 08:42 - 2011-01-01 08:42 - 0273521 ____A C:\Users\todd\Desktop\Tarjeta Navidad.pdf
2010-12-29 21:02 - 2010-12-29 20:58 - 0016739 ____A C:\Users\todd\Desktop\Corky.docx
2010-12-29 21:02 - 2010-08-22 10:41 - 0025088 ____A C:\Users\todd\Desktop\Albums.doc
2010-12-28 20:46 - 2010-12-28 20:46 - 0109056 ____A C:\Users\todd\Desktop\TSwannack CV_2010.01(2).doc
2010-12-28 18:19 - 2010-11-07 12:27 - 0000000 ____D C:\Users\todd\Desktop\LT2
2010-12-20 20:49 - 2010-12-17 21:32 - 0000000 ____D C:\Program Files (x86)\ClamWin
2010-12-19 13:03 - 2010-12-19 13:03 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2010-12-19 11:56 - 2010-08-22 08:19 - 0041472 ____A C:\Users\todd\Desktop\Garret & Emi Music.xls
2010-12-19 08:08 - 2010-12-19 08:08 - 0220944 ____A C:\Users\todd\Desktop\2010 kids mix play list 001.jpg
2010-12-17 22:00 - 2010-09-27 20:24 - 0017085 ____A C:\Users\todd\Desktop\Potential names.docx
2010-12-17 21:33 - 2010-12-17 21:32 - 0000000 ____D C:\Users\todd\Application Data\.clamwin
2010-12-17 21:33 - 2010-12-17 21:32 - 0000000 ____D C:\Users\todd\AppData\Roaming\.clamwin
2010-12-17 21:32 - 2010-12-17 21:32 - 0000000 ____D C:\Users\All Users\Application Data\.clamwin
2010-12-17 21:32 - 2010-12-17 21:32 - 0000000 ____D C:\Users\All Users\.clamwin
2010-12-17 21:32 - 2010-12-17 21:32 - 0000000 ____D C:\ProgramData\.clamwin
2010-12-17 21:31 - 2010-11-26 10:16 - 0000000 ____D C:\Program Files (x86)\HP
2010-12-17 21:29 - 2010-08-15 09:44 - 0102032 ____A C:\Users\todd\Local Settings\GDIPFONTCACHEV1.DAT
2010-12-17 21:29 - 2010-08-15 09:44 - 0102032 ____A C:\Users\todd\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-12-17 21:29 - 2010-08-15 09:44 - 0102032 ____A C:\Users\todd\AppData\Local\GDIPFONTCACHEV1.DAT
2010-12-17 21:29 - 2009-07-13 23:08 - 0032590 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2010-12-17 21:29 - 2009-07-13 22:45 - 0391280 ____A C:\Windows\System32\FNTCACHE.DAT
2010-12-17 21:28 - 2010-11-26 10:28 - 0007600 ____A C:\Users\All Users\hpzinstall.log
2010-12-17 21:28 - 2010-11-26 10:28 - 0007600 ____A C:\Users\All Users\Application Data\hpzinstall.log
2010-12-17 21:28 - 2010-11-26 10:28 - 0007600 ____A C:\ProgramData\hpzinstall.log
2010-12-17 21:21 - 2010-11-26 10:28 - 0000000 ____D C:\Users\All Users\HP
2010-12-17 21:21 - 2010-11-26 10:28 - 0000000 ____D C:\Users\All Users\Application Data\HP
2010-12-17 21:21 - 2010-11-26 10:28 - 0000000 ____D C:\ProgramData\HP
2010-12-17 21:19 - 2010-07-21 07:25 - 0000000 ____D C:\Users\All Users\McAfee
2010-12-17 21:19 - 2010-07-21 07:25 - 0000000 ____D C:\Users\All Users\Application Data\McAfee
2010-12-17 21:19 - 2010-07-21 07:25 - 0000000 ____D C:\ProgramData\McAfee
2010-12-17 21:19 - 2010-07-21 07:25 - 0000000 ____D C:\Program Files (x86)\McAfee
2010-12-15 18:36 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\rescache
2010-12-14 20:37 - 2010-08-15 17:27 - 0000000 ____D C:\Users\All Users\Microsoft Help
2010-12-14 20:37 - 2010-08-15 17:27 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2010-12-14 20:37 - 2010-08-15 17:27 - 0000000 ____D C:\ProgramData\Microsoft Help
2010-12-14 20:36 - 2010-08-15 17:08 - 39298504 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2010-12-14 18:06 - 2010-11-13 18:05 - 0000000 ____D C:\Users\todd\Local Settings\ElevatedDiagnostics
2010-12-14 18:06 - 2010-11-13 18:05 - 0000000 ____D C:\Users\todd\Local Settings\Application Data\ElevatedDiagnostics
2010-12-14 18:06 - 2010-11-13 18:05 - 0000000 ____D C:\Users\todd\AppData\Local\ElevatedDiagnostics
2010-12-13 22:21 - 2010-12-05 10:31 - 0000000 ____D C:\Users\todd\Application Data\FileZilla
2010-12-13 22:21 - 2010-12-05 10:31 - 0000000 ____D C:\Users\todd\AppData\Roaming\FileZilla
2010-12-13 21:55 - 2010-12-13 21:31 - 0000000 ____D C:\Users\todd\Desktop\Cull0.285_12.12.2010 06.04.11
2010-12-13 19:07 - 2010-09-19 14:13 - 0000000 ____D C:\Users\todd\My Documents\Visual Studio 2008
2010-12-13 19:07 - 2010-09-19 14:13 - 0000000 ____D C:\Users\todd\Documents\Visual Studio 2008
2010-12-11 23:41 - 2010-08-15 10:02 - 0000000 ____D C:\PicTransfer
2010-12-11 16:55 - 2010-08-15 09:56 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2010-12-11 14:50 - 2010-12-11 13:04 - 0062976 ____A C:\Users\todd\Desktop\Bison paper for PARK REPORT.doc
2010-12-11 12:55 - 2010-12-11 12:55 - 0092160 ____A C:\Users\todd\Desktop\WC modeling report v1.doc
2010-12-11 10:26 - 2010-12-11 10:26 - 0071680 ____A C:\Users\todd\Desktop\Bison paper.doc
2010-12-05 10:31 - 2010-12-05 10:31 - 4251204 ____A C:\Users\todd\Desktop\FileZilla_3.3.5.1_win32-setup.exe
2010-12-05 10:31 - 2010-12-05 10:31 - 0000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2010-12-05 10:30 - 2010-12-05 10:30 - 0124793 ____A C:\Users\todd\Desktop\FTP Access.pdf
2010-12-05 09:27 - 2010-11-11 11:33 - 5631888 ____A C:\Users\todd\Local Settings\rx_image32.Cache
2010-12-05 09:27 - 2010-11-11 11:33 - 5631888 ____A C:\Users\todd\Local Settings\Application Data\rx_image32.Cache
2010-12-05 09:27 - 2010-11-11 11:33 - 5631888 ____A C:\Users\todd\AppData\Local\rx_image32.Cache
2010-12-05 09:27 - 2010-11-11 11:33 - 0419760 ____A C:\Users\todd\Local Settings\rx_audio.Cache
2010-12-05 09:27 - 2010-11-11 11:33 - 0419760 ____A C:\Users\todd\Local Settings\Application Data\rx_audio.Cache
2010-12-05 09:27 - 2010-11-11 11:33 - 0419760 ____A C:\Users\todd\AppData\Local\rx_audio.Cache
2010-12-03 18:00 - 2010-12-03 18:00 - 0000000 ____D C:\Program Files (x86)\Adobe
2010-12-03 18:00 - 2010-07-21 07:11 - 0000000 ____D C:\Users\All Users\Application Data\Adobe
2010-12-03 18:00 - 2010-07-21 07:11 - 0000000 ____D C:\Users\All Users\Adobe
2010-12-03 18:00 - 2010-07-21 07:11 - 0000000 ____D C:\ProgramData\Adobe
2010-11-29 17:38 - 2010-11-29 17:38 - 0094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2010-11-29 17:38 - 2010-11-29 17:38 - 0069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2010-11-26 14:19 - 2010-08-15 09:44 - 0000000 ____D C:\Users\todd\AppData\LocalLow
2010-11-26 11:59 - 2010-11-26 11:59 - 0017526 ____A C:\Users\todd\Desktop\Amazon.docx
2010-11-26 10:38 - 2010-11-26 10:33 - 0000000 ____D C:\Users\todd\Application Data\HP
2010-11-26 10:38 - 2010-11-26 10:33 - 0000000 ____D C:\Users\todd\AppData\Roaming\HP
2010-11-26 10:33 - 2010-11-26 10:33 - 0000000 ____D C:\Users\All Users\WEBREG
2010-11-26 10:33 - 2010-11-26 10:33 - 0000000 ____D C:\Users\All Users\Application Data\WEBREG
2010-11-26 10:33 - 2010-11-26 10:33 - 0000000 ____D C:\ProgramData\WEBREG
2010-11-16 20:03 - 2010-11-16 20:03 - 0000000 ____D C:\Users\todd\Desktop\EMS Proposal
2010-11-13 18:04 - 2010-11-13 18:04 - 0012456 ____A C:\Users\todd\Desktop\Book1.xlsx
2010-11-13 17:35 - 2010-11-13 17:35 - 0000986 ____A C:\Users\todd\Desktop\MP3 list 2010.03.xlsx - Shortcut.lnk
2010-11-13 13:06 - 2010-11-13 13:05 - 0000000 ____D C:\Users\todd\Application Data\GARMIN
2010-11-13 13:06 - 2010-11-13 13:05 - 0000000 ____D C:\Users\todd\AppData\Roaming\GARMIN
2010-11-07 18:33 - 2010-11-07 08:45 - 0000000 ____D C:\Users\todd\Desktop\CDR
2010-11-07 15:00 - 2010-11-06 15:23 - 0000000 ____D C:\Installers
2010-11-07 12:41 - 2010-08-15 09:54 - 0000000 ____D C:\Users\todd\Application Data\Adobe
2010-11-07 12:41 - 2010-08-15 09:54 - 0000000 ____D C:\Users\todd\AppData\Roaming\Adobe
2010-11-07 12:40 - 2010-11-07 12:40 - 0000000 ____D C:\Program Files\Common Files\Adobe
2010-11-07 12:40 - 2010-11-07 12:40 - 0000000 ____D C:\Program Files\Adobe
2010-11-06 15:25 - 2010-11-06 15:25 - 0000000 ____D C:\Program Files\7-Zip
2010-11-06 15:23 - 2010-11-06 15:22 - 0000000 ____D C:\Program Files (x86)\QuickPar
2010-11-06 15:14 - 2010-09-09 19:48 - 0000000 ____D C:\Recipes
2010-11-06 11:20 - 2010-11-06 11:15 - 0140800 ____A C:\Users\todd\Desktop\CDR_EMS_Proposal_DRAFT V.2.0).doc
2010-11-06 10:59 - 2010-08-15 17:27 - 0000000 ____D C:\Users\todd\Local Settings\Microsoft Help
2010-11-06 10:59 - 2010-08-15 17:27 - 0000000 ____D C:\Users\todd\Local Settings\Application Data\Microsoft Help
2010-11-06 10:59 - 2010-08-15 17:27 - 0000000 ____D C:\Users\todd\AppData\Local\Microsoft Help
2010-11-06 10:44 - 2010-11-06 10:44 - 0089088 ____A C:\Users\todd\Desktop\TSwannack CV_2010.01.doc
2010-11-04 00:35 - 2010-12-14 17:18 - 1495040 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2010-11-04 00:35 - 2010-12-14 17:18 - 1194496 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2010-11-04 00:32 - 2010-12-14 17:18 - 9306624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2010-11-04 00:32 - 2010-12-14 17:18 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2010-11-04 00:32 - 2010-12-14 17:18 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2010-11-04 00:32 - 2010-12-14 17:18 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2010-11-04 00:32 - 2010-12-14 17:18 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2010-11-04 00:31 - 2010-12-14 17:18 - 2447872 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2010-11-04 00:31 - 2010-12-14 17:18 - 12369408 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2010-11-04 00:31 - 2010-12-14 17:18 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2010-11-04 00:31 - 2010-12-14 17:18 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2010-11-04 00:31 - 2010-12-14 17:18 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2010-11-04 00:31 - 2010-12-14 17:18 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2010-11-04 00:31 - 2010-12-14 17:18 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2010-11-04 00:28 - 2010-12-14 17:18 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2010-11-03 23:52 - 2010-12-14 17:18 - 1226752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2010-11-03 23:52 - 2010-12-14 17:18 - 0978944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2010-11-03 23:49 - 2010-12-14 17:18 - 5978112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2010-11-03 23:49 - 2010-12-14 17:18 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2010-11-03 23:49 - 2010-12-14 17:18 - 0599040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2010-11-03 23:49 - 2010-12-14 17:18 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2010-11-03 23:49 - 2010-12-14 17:18 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2010-11-03 23:48 - 2010-12-14 17:18 - 2063360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2010-11-03 23:48 - 2010-12-14 17:18 - 10989056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2010-11-03 23:48 - 2010-12-14 17:18 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2010-11-03 23:48 - 2010-12-14 17:18 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2010-11-03 23:48 - 2010-12-14 17:18 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2010-11-03 23:48 - 2010-12-14 17:18 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2010-11-03 23:48 - 2010-12-14 17:18 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2010-11-03 23:46 - 2010-12-14 17:18 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2010-11-03 23:16 - 2010-12-14 17:18 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2010-11-03 22:41 - 2010-12-14 17:18 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2010-11-03 22:35 - 2010-12-14 17:18 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2010-11-03 22:08 - 2010-12-14 17:18 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2010-11-01 23:18 - 2010-12-14 17:18 - 0524288 ____A (Microsoft Corporation) C:\Windows\System32\wmicmiplugin.dll
2010-11-01 23:17 - 2010-12-14 17:18 - 1169408 ____A (Microsoft Corporation) C:\Windows\System32\taskschd.dll
2010-11-01 23:17 - 2010-12-14 17:18 - 0473600 ____A (Microsoft Corporation) C:\Windows\System32\taskcomp.dll
2010-11-01 23:16 - 2010-12-14 17:18 - 1114624 ____A (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2010-11-01 23:10 - 2010-12-14 17:18 - 0464384 ____A (Microsoft Corporation) C:\Windows\System32\taskeng.exe
2010-11-01 23:10 - 2010-12-14 17:18 - 0285696 ____A (Microsoft Corporation) C:\Windows\System32\schtasks.exe
2010-11-01 22:40 - 2010-12-14 17:18 - 0496128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2010-11-01 22:40 - 2010-12-14 17:18 - 0305152 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskcomp.dll
2010-11-01 22:34 - 2010-12-14 17:18 - 0192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2010-11-01 22:34 - 2010-12-14 17:18 - 0179712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2010-10-27 18:07 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\Microsoft.NET
2010-10-27 14:34 - 2010-10-27 14:34 - 0053456 ____A C:\Users\todd\Application Data\Done.exe
2010-10-27 14:34 - 2010-10-27 14:34 - 0053456 ____A C:\Users\todd\AppData\Roaming\Done.exe
2010-10-26 23:06 - 2010-12-14 17:18 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2010-10-26 22:32 - 2010-12-14 17:18 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2010-10-25 20:37 - 2010-10-25 20:37 - 12318708 ____A C:\Users\todd\Desktop\photosoflabandgoodleafcolors.zip
2010-10-25 16:24 - 2010-10-25 16:24 - 0000162 ___AH C:\Users\todd\Desktop\~$ sorry it.docx
2010-10-25 16:22 - 2010-10-25 16:22 - 0000000 ____D C:\Windows\en
2010-10-25 16:22 - 2010-07-21 07:17 - 0000000 ____D C:\Program Files (x86)\Windows Live
2010-10-25 16:21 - 2010-10-25 16:21 - 0000000 ____D C:\Program Files\Windows Live
2010-10-25 16:21 - 2009-07-13 21:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2010-10-25 16:20 - 2010-07-21 07:19 - 0069896 ____A C:\Windows\DirectX.log
2010-10-25 16:18 - 2010-10-25 16:18 - 0000000 ____D C:\Users\todd\Local Settings\Windows Live
2010-10-25 16:18 - 2010-10-25 16:18 - 0000000 ____D C:\Users\todd\Local Settings\Application Data\Windows Live
2010-10-25 16:18 - 2010-10-25 16:18 - 0000000 ____D C:\Users\todd\AppData\Local\Windows Live

============ Known DLLs ============

[2009-07-13 18:41] - [2009-07-13 19:40] - 0877056 ____A (Microsoft Corporation) C:\Windows\System32\advapi32.dll

[2009-07-13 18:20] - [2009-07-13 19:14] - 0640000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll

[2009-07-13 18:00] - [2009-07-13 19:40] - 0607744 ____A (Microsoft Corporation) C:\Windows\System32\clbcatq.dll

[2009-07-13 17:44] - [2009-07-13 19:15] - 0522240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\clbcatq.dll

[2009-07-13 17:55] - [2009-07-13 19:40] - 0595456 ____A (Microsoft Corporation) C:\Windows\System32\comdlg32.dll

[2009-07-13 17:39] - [2009-07-13 19:15] - 0486912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.dll

[2009-07-13 17:39] - [2009-07-13 19:40] - 0404480 ____A (Microsoft Corporation) C:\Windows\System32\gdi32.dll

[2009-07-13 17:25] - [2009-07-13 19:11] - 0310784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

[2010-12-14 17:18] - [2010-11-04 00:31] - 2447872 ____A (Microsoft Corporation) C:\Windows\System32\IERTUTIL.dll

[2010-12-14 17:18] - [2010-11-03 23:48] - 2063360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IERTUTIL.dll

[2009-07-13 18:13] - [2009-07-13 19:41] - 0076288 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll

[2009-07-13 17:57] - [2009-07-13 19:15] - 0154624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMAGEHLP.dll

[2009-07-13 17:38] - [2009-07-13 19:41] - 0167424 ____A (Microsoft Corporation) C:\Windows\System32\IMM32.dll

[2009-07-13 17:25] - [2009-07-13 19:11] - 0119808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IMM32.dll

[2009-07-13 17:28] - [2009-07-13 19:41] - 1162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll

[2009-07-13 17:16] - [2009-07-13 19:11] - 0836608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

[2009-07-13 17:38] - [2009-07-13 19:41] - 0041984 ____A (Microsoft Corporation) C:\Windows\System32\LPK.dll

[2009-07-13 17:25] - [2009-07-13 19:11] - 0025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\LPK.dll

[2009-07-13 17:40] - [2009-07-13 19:41] - 1067008 ____A (Microsoft Corporation) C:\Windows\System32\MSCTF.dll

[2009-07-13 17:28] - [2009-07-13 19:15] - 0828928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCTF.dll

[2009-07-13 17:19] - [2009-07-13 19:41] - 0634880 ____A (Microsoft Corporation) C:\Windows\System32\MSVCRT.dll

[2009-07-13 17:12] - [2009-07-13 19:15] - 0690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSVCRT.dll

[2009-07-13 17:26] - [2009-07-13 19:31] - 0002560 ____A (Microsoft Corporation) C:\Windows\System32\NORMALIZ.dll

[2009-07-13 17:15] - [2009-07-13 19:09] - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NORMALIZ.dll

[2009-07-13 17:21] - [2009-07-13 19:41] - 0013824 ____A (Microsoft Corporation) C:\Windows\System32\NSI.dll

[2009-07-13 17:12] - [2009-07-13 19:16] - 0008704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\NSI.dll

[2010-10-15 10:27] - [2010-06-28 23:39] - 2085376 ____A (Microsoft Corporation) C:\Windows\System32\ole32.dll

[2010-10-15 10:27] - [2010-06-28 23:02] - 1413632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll

[2010-08-24 16:39] - [2010-04-07 01:37] - 0861184 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll

[2010-08-24 16:39] - [2010-04-07 01:10] - 0571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

[2009-07-13 17:26] - [2009-07-13 19:41] - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\PSAPI.dll

[2009-07-13 17:15] - [2009-07-13 19:16] - 0006144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\PSAPI.dll

[2009-07-13 17:23] - [2009-07-13 19:41] - 1221632 ____A (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll

[2009-07-13 17:12] - [2009-07-13 19:11] - 0662528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

[2009-07-13 17:20] - [2009-07-13 19:41] - 0113664 ____A (Microsoft Corporation) C:\Windows\System32\sechost.dll

[2009-07-13 17:11] - [2009-07-13 19:16] - 0092160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll

[2009-07-13 17:27] - [2009-07-13 19:41] - 1899520 ____A (Microsoft Corporation) C:\Windows\System32\Setupapi.dll

[2009-07-13 17:16] - [2009-07-13 19:16] - 1668608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Setupapi.dll

[2010-08-15 17:08] - [2010-07-27 08:59] - 14162944 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

[2010-08-15 17:08] - [2010-07-27 08:03] - 12867584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

[2009-07-13 17:55] - [2009-07-13 19:41] - 0449536 ____A (Microsoft Corporation) C:\Windows\System32\SHLWAPI.dll

[2009-07-13 17:39] - [2009-07-13 19:16] - 0350208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SHLWAPI.dll

[2010-12-14 17:18] - [2010-11-04 00:35] - 1495040 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

[2010-12-14 17:18] - [2010-11-03 23:52] - 1226752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

[2009-07-13 17:38] - [2009-07-13 19:41] - 1008640 ____A (Microsoft Corporation) C:\Windows\System32\user32.dll

[2009-07-13 17:24] - [2009-07-13 19:11] - 0833024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll

[2009-07-13 17:38] - [2009-07-13 19:41] - 0801280 ____A (Microsoft Corporation) C:\Windows\System32\USP10.dll

[2009-07-13 17:25] - [2009-07-13 19:16] - 0627200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\USP10.dll

[2009-07-13 17:57] - [2009-07-13 19:41] - 0029184 ____A (Microsoft Corporation) C:\Windows\System32\version.dll

[2009-07-13 17:41] - [2009-07-13 19:16] - 0021504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\version.dll

[2010-12-14 17:18] - [2010-11-04 00:35] - 1194496 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

[2010-12-14 17:18] - [2010-11-03 23:52] - 0978944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

[2009-07-13 17:54] - [2009-07-13 19:41] - 0311808 ____A (Microsoft Corporation) C:\Windows\System32\wldap32.dll

[2009-07-13 17:38] - [2009-07-13 19:16] - 0268800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wldap32.dll

[2009-07-13 17:21] - [2009-07-13 19:41] - 0296448 ____A (Microsoft Corporation) C:\Windows\System32\WS2_32.dll

[2009-07-13 17:12] - [2009-07-13 19:16] - 0206336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WS2_32.dll

======================= Partitions ===========================

1 Drive c: (OS) Fixed Total:687.72 GB Free:556.15 GB NTFS
4 Drive f: (RECOVERY) Fixed Total:10.88 GB Free:4.71 GB NTFS
5 Drive g: (SWANNACK) Removable Total:1.86 GB Free:1.86 GB FAT
10 Drive x: (Boot) Fixed Total:0.03 GB Free:0.03 GB NTFS

#10 Farbar

Posted 22 January 2011 - 09:16 PM

Well done.

I see some stuff to work on. This round we will remove some of the Daemon Tools entries and a couple of others to rule out their role.

We need to fix some of the entries that FRST has found.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

HKU\todd\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun (DT Soft Ltd)[1305408 2011-01-05]
HKU\todd\...\Run: [Fnovuxuvijuki] rundll32.exe "C:\Users\todd\AppData\Local\rPZi32.dll",Startup ()[90112 2009-07-13]
HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
C:\Users\todd\AppData\Local\rPZi32.dll
2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-01-08] (DT Soft Ltd)


Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Then let the computer boot normally and tell me how far it goes and what you see on the screen.
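
An added example, not part of the thread and not FRST's own logic: a small triage pass over Run-key and service lines in the format quoted in the fixlist above, showing which of them trip three simple autorun heuristics. The heuristics and the function names (`parse_entry`, `triage`, `report`) are assumptions chosen for illustration.

```python
import re

# Run/RunOnce and service lines copied from the fixlist quoted in the post above.
SAMPLE = r'''HKU\todd\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun (DT Soft Ltd)[1305408 2011-01-05]
HKU\todd\...\Run: [Fnovuxuvijuki] rundll32.exe "C:\Users\todd\AppData\Local\rPZi32.dll",Startup ()[90112 2009-07-13]
HKLM\...\Runonce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq
2 SessionLauncher; c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe
1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-01-08] (DT Soft Ltd)'''

RUN_RE = re.compile(r'^HK\w+\\.*\\Run(?:once)?: \[(?P<name>[^\]]+)\] (?P<rest>.*)$', re.I)
SVC_RE = re.compile(r'^\d (?P<name>[^;]+); (?P<rest>.*)$')
# The sample shows "(Company)[size date]" after Run values and
# "[size date] (Company)" after service entries.
META_RE = re.compile(
    r'(?:\((?P<c1>[^()]*)\)\[\d+ [\d-]+\]|\[\d+ [\d-]+\] \((?P<c2>[^()]*)\))$')
PATH_RE = re.compile(r'(?:[a-z]:|%\w+%)\\[^"]*?\.(?:exe|dll|sys)\b', re.I)
USER_WRITABLE_RE = re.compile(r'\\(?:AppData|Temp)\\', re.I)


def parse_entry(line):
    """Split one Run/RunOnce or service line into name, command, path, company."""
    m = RUN_RE.match(line) or SVC_RE.match(line)
    if not m:
        return None  # other fixlist line types are not handled here
    rest = m.group('rest')
    meta = META_RE.search(rest)
    company = None  # None: no file metadata printed on the line (not interpreted)
    if meta:
        company = meta.group('c1') if meta.group('c1') is not None else meta.group('c2')
    path = PATH_RE.search(rest)
    return {'name': m.group('name'), 'command': rest,
            'path': path.group(0) if path else None, 'company': company}


def triage(entry):
    """Return the illustrative heuristics (assumptions) that an entry trips."""
    reasons = []
    if entry['command'].lstrip('"').lower().startswith('rundll32'):
        reasons.append('launched via rundll32')
    if entry['path'] and USER_WRITABLE_RE.search(entry['path']):
        reasons.append('binary under a user profile or Temp path')
    if entry['company'] == '':
        reasons.append('empty company field')
    return reasons


def report(text=SAMPLE):
    """Map each parsed entry name to the list of heuristics it trips."""
    out = {}
    for line in text.splitlines():
        entry = parse_entry(line.strip())
        if entry:
            out[entry['name']] = triage(entry)
    return out


if __name__ == '__main__':
    for name, reasons in report().items():
        print(f"{name:22} {'; '.join(reasons) or 'no heuristic hit'}")
```

Entries with no hit are not cleared by this pass; it only ranks which lines to look at first.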

#11 Pavo Real

Posted 22 January 2011 - 10:35 PM

Hi Farbar,

Thanks. I have pasted the fixlog.txt below. After I ran the fix, I let windows start normally. The following things happened:

1) Booted up normally into Windows, although it hung at the loading screen for longer than normal (probably 1 full minute)

2) As soon as windows loaded, an error popped up: " Windows has recovered from an unexpected shutdown"

3) I clicked on problem details and as I was writing down the information for you, the screen became pixelated and the machine rebooted itself. I turned it off before it could finish the reboot.

The problem details were: Blue screen, OS 6.1.7600.2.0.0.7683, Locale ID 1033. I'm sorry I couldn't get any more info, but that was all I was able to write down before the reboot.


=======================================
Fix result of Farbars's Recovery Tool (FRST written by farbar Version 1.8)
Ran by SYSTEM at 2011-01-22 18:24:45 R:1
Running from H:\

==============================================

HKEY_USERS\todd\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite Value deleted successfully.
HKEY_USERS\todd\Software\Microsoft\Windows\CurrentVersion\Run\\Fnovuxuvijuki Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*WerKernelReporting Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist Key deleted successfully.
C:\Users\todd\AppData\Local\rPZi32.dll moved successfully.
SessionLauncher service deleted successfully.
dtsoftbus01 service deleted successfully.

#12 Farbar

Posted 23 January 2011 - 06:41 AM

Thanks for the detailed feedback.

So we know the system can boot normally. We need to find out what is causing the blue screen.

  • Start in Safe Mode Using the F8 key:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
    • Use the arrow keys to select the Safe Mode with networking menu item.
    • Press the Enter key.
    • Log on to your usual account.
  • Set up Windows not to restart automatically on system failure:
    • Go to start and right-click Computer and select Properties.
    • In the left pane select Advanced System Settings.
    • Under the Advanced tab, in the Startup and Recovery section, press Settings.
    • The option "write an event to system log" should be checked.
    • The option "Automatically restart" should be unchecked.
    • Click OK twice and close the open window.
      From now on if you get a notification error or BSOD please note the exact error message and post it to your reply.
  • Please navigate to the C:\Windows\Minidump directory. There are a number of files with the following names:
    010811-28750-01.dmp
    010811-16676-01.dmp
    010811-32744-01.dmp
    010811-14835-01.dmp
    010811-17877-01.dmp
    010811-17690-01.dmp


    These are the minidump files from the crashes. There should be another one with name 012311-xxxxx-xx.dmp from the last crash.
    We need all of them. Please zip them. If you don't have a third party archiving software do the following.
    To zip the files:
    • Select one of them.
    • Hold down Ctrl key and select all of them.
    • Right-click and from the context menu select Send to.
    • Select Compressed (zipped) Folder.
    To submit the files:
  • Also let me know if the computer crashes in Safe Mode too.


#13 Pavo Real

Posted 23 January 2011 - 09:59 AM

Hi Farbar,

Ok, I was unable to boot into safe mode with networking. As safe mode was loading, I got a Blue Screen and the machine rebooted itself. I tried 3 times and the same thing happened every time. I was unable to write down the BSOD information b/c it happened so fast.

Pavo

#14 Farbar

Posted 23 January 2011 - 10:33 AM

Okay Pavo. We will get the error.

  • We need to fix some of the entries that FRST has found.

    Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

    2011-01-08 14:37 - 2011-01-08 14:37 - 0000000 ____A C:\Users\todd\Application Data\chrtmp
    2011-01-08 14:37 - 2011-01-08 14:37 - 0000000 ____A C:\Users\todd\AppData\Roaming\chrtmp
    2011-01-08 14:25 - 2011-01-08 14:25 - 0254528 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2011-01-08 14:25 - 2011-01-08 14:25 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
    2011-01-08 14:24 - 2011-01-08 14:28 - 0000000 ____D C:\Users\todd\Application Data\DAEMON Tools Lite
    2011-01-08 14:24 - 2011-01-08 14:28 - 0000000 ____D C:\Users\todd\AppData\Roaming\DAEMON Tools Lite
    2011-01-08 14:24 - 2011-01-08 14:24 - 0000000 ____D C:\Users\All Users\DAEMON Tools Lite
    2011-01-08 14:24 - 2011-01-08 14:24 - 0000000 ____D C:\Users\All Users\Application Data\DAEMON Tools Lite
    2011-01-08 14:24 - 2011-01-08 14:24 - 0000000 ____D C:\ProgramData\DAEMON Tools Lite
    cmd: copy /y C:\Windows\Minidump\*.dmp g:\
    cmd: copy /y C:\Windows\Minidump\*.dmp h:\
    

    Now please enter System Recovery Options.
    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.
  • Now reboot and let it boot to normal mode. If you still get BSOD do the following:
    The fix has copied the dump files to your flashdrive. Please follow the instruction in the step 3 of the previous post to zip and upload the files.
  • Tell me which software (from your friend) you installed that led to the crash.


#15 Pavo Real

Posted 23 January 2011 - 11:04 AM

Hi Farbar,

The fixitlog.txt is pasted below. I rebooted the computer and the windows loading screen came up, then as the desktop was loading, the screen became pixelated and the machine rebooted. The desktop never appeared. I sent the zip file with the .dmp files to you.

The software I was trying to load was Photoshop CS5. My buddy told me he could get it for me for free, so I trusted him and well, I screwed up big time. I spoke with him and he never checked the files for viruses. The file I clicked on was the "key file" or something like that. I won't ever do that again. I did a little research online and apparently bad things happen when you do that. And I'm actually pretty embarrassed. Thanks again.




========================
Fix result of Farbars's Recovery Tool (FRST written by farbar Version 1.8)
Ran by SYSTEM at 2011-01-23 05:49:38 R:2
Running from H:\

==============================================

C:\Users\todd\Application Data\chrtmp moved successfully.
C:\Users\todd\AppData\Roaming\chrtmp not found.
C:\Windows\System32\Drivers\dtsoftbus01.sys moved successfully.
C:\Program Files (x86)\DAEMON Tools Lite moved successfully.
C:\Users\todd\Application Data\DAEMON Tools Lite moved successfully.
C:\Users\todd\AppData\Roaming\DAEMON Tools Lite not found.
C:\Users\All Users\DAEMON Tools Lite moved successfully.
C:\Users\All Users\Application Data\DAEMON Tools Lite not found.
C:\ProgramData\DAEMON Tools Lite not found.

========= copy /y C:\Windows\Minidump\*.dmp g:\ =========

C:\Windows\Minidump\010811-14835-01.dmp
The device is not ready.
0 file(s) copied.

========= End of CMD: =========


========= copy /y C:\Windows\Minidump\*.dmp h:\ =========

C:\Windows\Minidump\010811-14835-01.dmp
C:\Windows\Minidump\010811-16676-01.dmp
C:\Windows\Minidump\010811-17628-01.dmp
C:\Windows\Minidump\010811-17690-01.dmp
C:\Windows\Minidump\010811-17877-01.dmp
C:\Windows\Minidump\010811-28750-01.dmp
C:\Windows\Minidump\010811-32744-01.dmp
C:\Windows\Minidump\012211-20358-01.dmp
C:\Windows\Minidump\012311-15912-01.dmp
C:\Windows\Minidump\012311-17752-01.dmp
10 file(s) copied.

========= End of CMD: =========
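
The dump names in the Fixlog above begin with the crash date as MMDDYY (the thread's own "012311-..." for 23 January 2011). As an added example, not part of the thread or of FRST, this sketch groups the copied dumps by day and lists which FRST file-listing lines from this thread carry a timestamp on the first crash day. The function names are hypothetical, the remaining fields of the dump name are not interpreted, and the two timestamps on a listing line are matched without assuming which is "created" and which is "modified".

```python
import re
from collections import Counter
from datetime import date, datetime

# Minidump names as they appear in the "copy /y ... h:\" output of the Fixlog above.
DUMPS = """010811-14835-01.dmp 010811-16676-01.dmp 010811-17628-01.dmp
010811-17690-01.dmp 010811-17877-01.dmp 010811-28750-01.dmp
010811-32744-01.dmp 012211-20358-01.dmp 012311-15912-01.dmp
012311-17752-01.dmp""".split()

# FRST file-listing lines copied from this thread (fixlist and scan log).
LISTING = r'''2011-01-08 14:37 - 2011-01-08 14:37 - 0000000 ____A C:\Users\todd\Application Data\chrtmp
2011-01-08 14:25 - 2011-01-08 14:25 - 0254528 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
2011-01-08 14:24 - 2011-01-08 14:28 - 0000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2010-11-06 15:25 - 2010-11-06 15:25 - 0000000 ____D C:\Program Files\7-Zip
2010-11-04 00:35 - 2010-12-14 17:18 - 1495040 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2010-10-27 14:34 - 2010-10-27 14:34 - 0053456 ____A C:\Users\todd\AppData\Roaming\Done.exe'''.splitlines()

DUMP_RE = re.compile(r'^(\d{6})-\d+-\d+\.dmp$', re.I)
LIST_RE = re.compile(
    r'^(\d{4}-\d\d-\d\d) \d\d:\d\d - (\d{4}-\d\d-\d\d) \d\d:\d\d - \d+ \S{5} '
    r'(?:\((?P<company>[^)]*)\) )?(?P<path>[A-Za-z]:\\.*)$')


def dump_day(name):
    """Return the calendar day encoded in the MMDDYY prefix of a minidump name."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a minidump name: {name!r}")
    return datetime.strptime(m.group(1), '%m%d%y').date()


def crashes_per_day(names):
    """Count minidumps per calendar day."""
    return Counter(dump_day(n) for n in names)


def listed_on(lines, day):
    """Paths whose listing line has either timestamp on the given day."""
    hits = []
    for line in lines:
        m = LIST_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a file-listing line
        stamps = {date.fromisoformat(m.group(1)), date.fromisoformat(m.group(2))}
        if day in stamps:
            hits.append(m.group('path'))
    return hits


def first_crash_context(names, lines):
    """Earliest crash day, its dump count, and the files stamped on that day."""
    per_day = crashes_per_day(names)
    first = min(per_day)
    return first, per_day[first], listed_on(lines, first)


if __name__ == '__main__':
    for day, count in sorted(crashes_per_day(DUMPS).items()):
        print(day.isoformat(), count, "dump(s)")
    first, count, paths = first_crash_context(DUMPS, LISTING)
    print("files stamped on", first.isoformat())
    for p in paths:
        print("  ", p)
```

A shared date is only a lead for what to examine next, not evidence that a listed file caused the crash.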



